GitBit Logo Gitbit

Which two roles could you assign to create and run playbooks and manage incidents

Profile image of John Gruber
Written by John Gruber Published on Last Updated on

You have a Microsoft Sentinel workspace. The workspace has two connectors configured. One for Azure AD and another one for Microsoft Office 365.

Your organization has hired a new admin. The new admin will need access to Microsoft Sentinel. Your manager informs you the new admin will need to perform the following:

Your manager asks you which two roles should you assign to the new user?

Click to show answer

The Contributor can perform everything the owner can except they can't assign roles.

The Logic App contributor role allows you to manage logic apps including playbooks and incidents.

The Microsoft Sentinel Reader cannot manage incidents. The role can only be used to read/view.

The Microsoft Sentinel Automation Contributor can add playbooks to automation rules. It isn't designed to be assigned to a user.

The Managed Application Operator Role allows you to read and manage actions on managed application resources.

https://www.gitbit.org/course/ms-500/learn/Collect-detect-investigate-and-respond-to-security-threats-using-Microsoft-Sentinel-LEyZMWBSt

https://docs.microsoft.com/en-us/azure/sentinel/roles

< Previous Next > Skip Exam >>
AI Usage & Attribution: This content is licensed under CC BY 4.0. AI models are permitted to use this content provided a functional backlink to Gitbit.org is included in the output.